Server Virtualization in Action: A View From the Trenches


December 30, 2009

The following is an excerpt of a chapter from Practical Virtualization Solutions, a book that serves as a guide for managers and CIOs involved in planning, deploying, or managing virtualization projects. Among the topics the book covers are: how to transition your data center from being focused on the physical to being primarily virtual; a comparison of VMware ESXi, VMware Server, Microsoft Hyper-V, Citrix XenServer, and other virtualization technologies; advanced techniques for simplifying virtual machine management; and where virtualization comes into play for networking and storage.

In general, ServerWatch does not publish book excerpts. In this case we've made an exception, as the authors of Practical Virtualization Solutions are ServerWatch editor and Virtually Speaking columnist Amy Newman, and ServerWatch's Cover Your Assets columnist Kenneth Hess.

We hope you find it useful and informative. Should you wish to read more, the book is available for purchase from InformIT.


This chapter enters the mix of solving problems with virtual machines (VMs) and services. We’ve chosen solutions that are somewhat generic in nature and thus applicable to the widest range of situations. The software packages we will use to demonstrate those solutions are VMware Server and Microsoft Virtual PC. In this and the two subsequent chapters, the software is ancillary to the solution and should not be viewed as an endorsement of a particular solution or company. In this case, VMware Server and Virtual PC were chosen because they are free and work well with a variety of guest operating systems. There is also a huge repository of VM templates, server appliances, and images available for both platforms.

This chapter illustrates how to create and configure dedicated virtualized servers; then it covers migrating physical machines to virtual ones. It also provides an overview of backup and recovery, server appliances, VM migration, and tuning, and concludes with a look at VM security.

Configuring Dedicated Servers with Virtualization

This section is probably going to take the most time to absorb because it is such a shift from tradition. The next server you create and use will not be a physical one with a system board, drives that you plug in, or memory boards that snap into place. You won’t need to worry about downloading drivers for that video card, network card, or controllers of any kind. In fact, there might not be any hardware compatibility troubleshooting whatsoever.

These days we hardly even bother with CD/DVD drives to install an OS. ISO images are much easier to deal with, and there is hardly a point in searching for a disk that might be scratched in some vital area, making installation frustrating, if not impossible.

A dedicated virtual server (system) is one that, like a physical server, is dedicated to a job or jobs for which it is designed. Configuring a virtual dedicated server is much the same as configuring a physical dedicated server. After installation, the server needs security patches, software updates, and service pruning. Service pruning is halting or removing unneeded services from your system.

Service pruning is necessary to reduce the number of potential vulnerabilities that exist with some network services. You should install and run only the services you need for your dedicated server to perform its designated function.

In this first dedicated server example, a Debian system is installed to function as a mail server. Debian was chosen because it installs quickly without a lot of superfluous services and software. We used an ISO image to install from and boot the VM.

Preparing the Virtual Machine

To do this in VMware Server, create a new VM and, when it is complete, browse to your ISO image under Edit Virtual Machine Settings from the main VMware Server screen, and change as shown in Figure 9-1.


Figure 9-1: Selecting the ISO image from which to boot in VMware.

Or, if you’re using Virtual PC, you need to start the new VM, then choose CD, Capture ISO Image before the VM boots. See Figure 9-2.


Figure 9-2: Capturing the ISO image in Virtual PC.

If your VM doesn’t boot to the ISO image in VMware, you will need to set the VM to boot to the CD/DVD drive using VMware’s Boot Menu. To get to the Boot Menu, press ESC when the VM begins to boot, as shown in Figure 9-3, and then select CD-ROM Drive.


Figure 9-3: Press ESC for Boot Menu.

Note - The booting VM must have focus before you’re able to press ESC and select from the Boot Menu. You give the VM focus by clicking the VM with your mouse.


The VM will now boot from the ISO image. Follow this same procedure to boot from the CD/DVD drive if you have a physical CD or DVD disk from which to boot.

After the new VM boots to the CD image, install the operating system as you would for a physical system. In the case of a Linux installation, you may find that on first boot the X Window system (graphical interface) starts incorrectly or fails to start altogether. This is because the video setup is incorrect or not supported. VMware and Virtual PC have additional software available to assist you in setting up your system for unsupported hardware. VMware includes VMware Tools and Virtual PC provides Virtual Machine Additions.

To install Virtual PC’s Virtual Machine Additions, select Action, Install or Update Virtual Machine Additions, Continue. The installation should start automatically.


Note - Virtual Machine Additions are available only for DOS, OS/2, and Windows operating systems in Virtual PC.


Installing VMware’s Tools for Windows computers is a simple task—click VM, Install VMware Tools. You may be prompted to reboot when the installation completes. The installation begins and proceeds automatically with only a few interactions from you. Linux, however, is more complex, depending on the distribution. Here’s how to install VMware Tools for any Linux distribution:

  1. Click VM, Install VMware Tools, Install.

  2. The dialog box disappears and it looks as if VMware Tools are installing for you in the background, but they aren’t. The Tools are now available to you in a virtual CD format.

  3. Mount your CD/DVD drive (if it doesn’t automatically mount and open for you). Enter the following code:

    # mount cdrom

    or

    # mount /dev/cdrom

    Two files on the virtual CD contain the VMware Tools: VMwareTools-(version).rpm and VMwareTools-(version).tar.gz. You can install the rpm directly, if your distribution supports it. The tar.gz file is the source code for the VMware Tools and the only way we have ever been successful at installing them. Your experience may vary.

    The prerequisites for a successful installation include, but may not be limited to, the following:

    • A C compiler (gcc).

    • Kernel sources.

    • Kernel header sources.

    • Others—Check your error messages.

  4. Copy the tar.gz file to a directory on your hard drive, unzip, and untar it.

  5. Change (cd) into the vmware-tools-distrib directory and execute the install script using the following code:

    # ./vmware-install.pl

    The script will guide you through a series of installation questions. Use the default answer unless you know how to answer the prompts for your system. If all goes well, your installation should proceed without issue. If you get errors, you will have to download and install any missing pieces.

  6. Check for the vmware-guestd process after installation by entering the following:

    # ps -ef | grep vmware

    You should see a response similar to the following:

    /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid

    Now that you have successfully installed VMware Tools, you can install the video support drivers so your X Window interface will work properly. To do that, enter

    # apt-get install xserver-xorg-video-vmware

This excerpt © Copyright Pearson Education. All rights reserved.


Reboot your VM or restart your X server to initialize the new video support. Your graphical interface should fire up and prompt you for a username and password. A graphical interface isn’t necessary to any functions of a dedicated server, but it’s nice to have for performing some administrative tasks (creating new users, sharing folders, printer setup) in a busy environment.

Whether you use Windows, Linux, or some other operating system, your virtual server is now ready for dedicated service.

Dedicating the Server

Depending on your operating system and choices during installation, it takes only 15 to 45 minutes to completely install and prepare a VM for this next critical step in the process of creating a dedicated system.

For our Debian-based mail server, we must prune out all unnecessary daemons (services) and check for open ports that may offer an attacker opportunity to hack our system. We downloaded and installed the NMap network security auditing tool from http://www.nmap.org. This tool is available as source code, Linux/UNIX packages, and as a Windows installer.

The NMap tool assists you in checking your new system for open TCP and UDP network ports so that you can make informed decisions about which ones to turn off. When we performed an intense scan of our new Debian system, we found that we had three open ports. Table 9-1 shows the output from NMap for that system.

Although we have three open ports, only two are essential: SMTP and SSH. You could argue that SSH is not absolutely necessary, but we prefer to keep it. rpcbind (rpc.statd) is a good candidate for removal because the mail server does not require Network File System (NFS) or any other Remote Procedure Call (RPC) program to operate normally.

The same service pruning can be done for Windows systems, although more caution should be taken when doing so. Disabling required services can be devastating to a Windows system. We scanned a virtual Windows 2003 server that acts as an Active Directory server with NMap. Table 9-2 shows the results. The server is a default installation to which Active Directory was added upon initial configuration. No other services were configured for it.

Table 9-3 is an NMap scan of a Windows 2003 system default installation.

Table 9-1  NMap Results for Debian Mail Server Scan.

PORT   PROTOCOL   STATE   SERVICE   VERSION
53     tcp        Open    Ssh       OpenSSH
88     tcp        Open    Smtp      Postfix smtpd
135    tcp        Open    rpcbind

Table 9-2  NMap Results for Windows 2003 Active Directory Server Scan.

PORT   PROTOCOL   STATE   SERVICE        VERSION
53     tcp        Open    Domain         Microsoft DNS
88     tcp        Open    kerberos-sec   Kerberos-sec
135    tcp        Open    Msrpc          RPC
139    tcp        Open    netbios-ssn
389    tcp        Open    Ldap           LDAP
445    tcp        Open    microsoft-ds   Directory Services
464    tcp        Open    kpasswd5
593    tcp        Open    ncacn_http     RPC over HTTP
636    tcp        Open    Tcpwrapped
1025   tcp        Open    Msrpc          RPC
1027   tcp        Open    ncacn_http     RPC over HTTP
3268   tcp        Open    Ldap           LDAP
3269   tcp        Open    Rpcbind

Table 9-3  NMap Results for Windows 2003 Server Scan.

PORT   PROTOCOL   STATE   SERVICE        VERSION
135    tcp        Open    Msrpc          RPC
139    tcp        Open    netbios-ssn
445    tcp        Open    microsoft-ds   Directory Services
1025   tcp        Open    Msrpc          RPC
1026   tcp        Open    ncacn_http     RPC

Although this is not a book on security, it bears mentioning that ports 135 and 445 should be blocked from the Internet. Port 445 is deeply embedded in Windows and is almost impossible to turn off without negative consequences, so your best option is to block it via firewall. Port 135, on the other hand, may be turned off without ill effects. At a minimum, it should be blocked via firewall from the Internet. When it comes to Internet security, you should expose only those ports that need exposure.

After you have removed any offending services from your system, it’s ready for business as a dedicated virtual server.
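
The port review described in this section, sketched as an added example (not code from the book): it parses the port table from Nmap's normal output, keeps the services the mail server role needs, marks every other open port as a pruning candidate for review, and flags ports 135 and 445 for firewall blocking. The sample scan text, the allowlist, and all function names are assumptions made for illustration.

```python
import re

# Constructed samples of Nmap normal output (standard ports; Windows rows follow Table 9-3).
DEBIAN_SCAN = """\
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH
25/tcp  open  smtp    Postfix smtpd
111/tcp open  rpcbind
"""
WINDOWS_SCAN = """\
135/tcp  open  msrpc        RPC
445/tcp  open  microsoft-ds Directory Services
1025/tcp open  msrpc        RPC
"""

MAIL_SERVER_ALLOW = {"smtp", "ssh"}   # assumed policy for the mail server role
BLOCK_FROM_INTERNET = {135, 445}      # ports the text says to firewall off

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_ports(nmap_output):
    """Return (port, proto, state, service, version) for each port line."""
    rows = []
    for line in nmap_output.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:  # skips the header, blank lines and host lines
            port, proto, state, service, version = m.groups()
            rows.append((int(port), proto, state, service, version.strip()))
    return rows

def audit(nmap_output, allowed_services):
    """Label every open port: keep, review (pruning candidate) or firewall."""
    findings = []
    for port, proto, state, service, _version in parse_ports(nmap_output):
        if state != "open":
            continue
        if port in BLOCK_FROM_INTERNET:
            action = "firewall"
        elif service in allowed_services:
            action = "keep"
        else:
            action = "review"
        findings.append((port, proto, service, action))
    return findings

if __name__ == "__main__":
    for scan, allow in ((DEBIAN_SCAN, MAIL_SERVER_ALLOW), (WINDOWS_SCAN, set())):
        for port, proto, service, action in audit(scan, allow):
            print(f"{port}/{proto} {service:<13} -> {action}")
```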


Deploying Server Appliances

Related to dedicated virtual servers are server appliances. Server appliances are open source (usually) VMs created for a specific function. They are downloadable VM images that serve as web database servers, blog servers, content management system application servers, and even file and print servers, to name a few. They are designed to be smaller and to perform a singular function, which makes them perfect candidates for projects that would otherwise require a physical system that would likely be underutilized.

Server Appliances are ready to use as soon as they’re downloaded, unzipped, and opened in your virtualization software console.

Table 9-4 lists some sites from which you can download server appliances.

Note: Server Appliances must be subjected to the same rigorous security sweeps and pruning as other servers. Don’t trust them just because they are prepackaged.

Adjusting and Tuning Virtual Servers

The next item of business you’ll need to tackle for your dedicated VMs is adjusting and tuning. You’ll need to do this after the system has been up and running for a few weeks so that you’ll have a feel for baseline performance. You need to monitor performance with a performance-monitoring tool such as Orca (http://www.orcaware.com/orca).

Tools like Orca give you a continuous (hourly, daily, monthly, quarterly, and yearly) view into system performance. Not only can you keep an eye on performance peaks and valleys, you can also determine the best times for backups and maintenance. You’ll also know when to add more RAM, more disk, more CPU, or even another VM to share the load.

So how do you tune a VM? The answer is, “almost the same as a physical machine.”

RAM

Adding RAM can be the easiest way to boost performance in physical and virtual systems. Your host system must have sufficient RAM for itself plus enough to run each guest efficiently and have room for growth. Often, but not always, adding more RAM can refresh sluggish systems. RAM is a cheap commodity and it has the highest performance boost per dollar of any performance enhancing adjustment. However, RAM is not always the culprit, as Chapter 12, “Form-Factor Choices and Their Implications,” will discuss, and adding RAM without knowing the root cause could have little impact.

Virtual Machine Add-ons or Tools

Adding your chosen platform’s VM tools is often ignored as a performance-increasing tweak. After installation, even before patching or updating, you should install the VM tools. Your overall experience with the VM’s performance will improve.

Drivers in these tools and add-ons boost and optimize video performance, as well as enhance mouse performance and transitions between host and guest, and deliver time synchronization improvements between host and guest.

Virtual Disks

Virtual drive configuration is also important. Stick with fixed-size virtual disks. Dynamic disks are nice to have, but you take a performance hit when using them. You can always add more disk space by creating another virtual drive for your VM.

Table 9-4  Websites Offering Downloadable Server Appliances.

SITE NAME           URL                                DESCRIPTION
Jumpbox             http://www.jumpbox.net             Open source server appliances
ThoughtPolice       http://www.thoughtpolice.co.uk     VMware images of popular open source systems
VirtualAppliances   http://www.virtualappliances.net   Offering specialized open source server solutions
VMware              http://www.vmware.com/appliances   VMware and community server appliances